Several functions within the imageop module are vulnerable to exploitable buffer overflows due to unsafe arithmetic in check_multiply_size(). The problem exists because the check to confirm that size == product / y / x does not take remainders into account.
4fbbcdb0014f6b5b36412b5b0d77e13fcea4362e7222692a9ca1f45aad0c9e23